Free Malware Removal Forum


Hello!
I go by FencerGirl. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.

Please be patient and I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.

The fixes are specific to your problem and should only be used for this issue on this machine.

Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

It's often worth reading through these instructions and printing them for ease of reference.

If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

Finally, please reply to this thread. Do not start a new topic.

It may take me a while to reply to you as all of my fixes are being checked by experts to ensure that you are getting a good fix. And remember, like you I have a real life, so I may not be at my computer when you are!

Your HijackThis log appears to be clean. However, since you indicate that you cleaned a virus with possible rootkit tendencies, let's see what's lurking on your system.

Since your computer may have been compromised, please do not use this computer for anything that may require entry of passwords or credit card information, any banking or anything else that might be sensitive.

SCAN FOR MALWARE.

Preparation

1) Download the trial version of Ewido anti-spyware from here and save it to your Desktop. If you already have this program installed, skip to Updating Ewido: below.

* Please note that these instructions are for the new version - Ewido anti-spyware. If you have the old version - Ewido anti-malware and it is the:

paid-for version - you will need to go here and obtain an updated license code before you upgrade.

free version - you will need to uninstall it and reboot before installing the new version.

Double click the ewido-setup file to begin installation and follow the prompts. When the program has been installed, and you click the Finish button, Ewido anti-spyware will open.

Updating Ewido:

By default Ewido is configured to update automatically so, if you have an active internet connection, it should do so following installation. If you are unsure whether or not it has done so, do the following:

Click the Update icon at the top and under "Manual Update" - click the Start update button.

Either Ewido will update or inform you that no update was available.

If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here. Once you have installed Ewido, double click ewido-signatures-full-current.exe to update it.

Disabling the Resident Shield:

By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled. (When the PC has been cleaned you can activate the shield again, if you wish.)

Click the Shield icon at the top and under "Resident shield is..." - click active.

This should now change to inactive.

Changing Recommended Actions

Click the Scanner icon at the top and then click the Settings Tab.

Under "How to act?" click Recommended actions and select "Quarantine" from the menu.

You can now close Ewido anti-spyware.

Ewido anti-spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection. Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that Ewido will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc. Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now button.

Log off from the internet and disconnect your modem cable for the duration of the fix. Now, get into Safe Mode by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

You'll want to print out these instructions because you will not have internet access while in Safe Mode.

Removal

1) Ensure that ALL open Windows / Programs / Folders are closed and then run Ewido anti-spyware.

If it is not already selected, click the Scanner icon at the top and then select the Scan Tab.

Click "Complete System Scan"

While the scan is in progress the PC should be left otherwise idle - so if you fancy a cuppa, now's the time to put the kettle on!

When the scan has completed, any threats that Ewido has detected will be displayed.

Click the Apply all actions button at the bottom.

When Ewido has finished, it will display the message "All actions have been applied".

Saving a report:

Click the Save Report button at the bottom left and the "Reports" window will open.

The content of the scan report will be displayed in the right hand pane and a copy will be automatically saved as Report-Scan-date-time.txt into the C:\Program Files\ewido anti-spyware 4.0\Reports folder.

You will need to post a copy of this report into your next reply, so if it is more convenient, you can save another copy of this report elsewhere: Click the Save report as button and select a destination by clicking the down arrow to the right of the Save in: text box and then click Save.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

The program will launch and then begin downloading the latest definition files:

Once the files have been downloaded click on NEXT

Now click on Scan Settings

In the scan settings make sure that the following are selected:

Scan using the following Anti-Virus database:

Extended (if available, otherwise Standard)

Scan Options:

Scan Archives

Scan Mail Bases

Click OK

Now under select a target to scan:

Select My Computer

The program will start and scan your system.

The scan will take a while so be patient and let it run.

Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.

LOOK FOR ROOTKITS.

For more information on rootkits, visit this site.

The safest way to deal with a rootkit is reformat and reinstall Windows. If, however, you can't or don't want to do that, then we can try to clean the rootkit.

Please download RootKit Revealer.

Create a folder for Rootkit Revealer on the C: drive called C:\Rkr. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it Rkr. Extract all the files from the zip archive into that folder.

Open the Rkr folder and double-click the icon for RootkitRevealer.exe to launch the program. Save the log into that folder (File > Save)

If you get a warning, let the driver load...it will be a random named one but if you have spyware protections running the info they give (when warned) will tell you it is from sysinternals.

When you get done with all of these scans, please post back with your Ewido, Kaspersky and Rootkit Revealer logs along with a new HijackThis Log.
